https://pulumi.com logo
Powered by
#getting-started
Title
# getting-started
c

creamy-hamburger-70712

10/18/2023, 10:29 AM
Hi, I generate a random password with
Copy code
random.RandomPassword(
...
    keepers={
        "engine": engine,
        "instance_class": db_instance_class,
        "username": master_db_username,
    },
)
aws.rds.Instance(
...
    password=random_password_provider.result
)
and save it in AWS Secrets Manager
Copy code
# Create an AWS Secrets Manager secret for the master password
master_password_secret = aws.secretsmanager.Secret(
    master_secret_resource_name,
    name=master_secret_name,
    description="Master authentication information",
    opts=pulumi.ResourceOptions(delete_before_replace=True),
)
master_password_secret_version = aws.secretsmanager.SecretVersion(
    master_secret_version_resource_name,
    secret_id=master_password_secret.id,
    secret_string=pulumi.Output.all(
        username=rds_instance.username,
        password=rds_instance.password,
        host=rds_instance.address,
        port=rds_instance.port,
        engine=rds_instance.engine,
    ).apply(
        lambda args: json.dumps(
            {
                "username": args["username"],
                "password": args["password"],
                "engine": args["engine"],
                "host": args["host"],
                "port": args["port"],
            }
        )
    ),
)
Working with secrecretsmanager seems problematic. I get errors such as this one when I want to update the secret.
Copy code
Type                                 Name                     Status                   Info
     pulumi:pulumi:Stack                  brain-dev                                         36 messages
 ~   ├─ aws:secretsmanager:Secret         devMasterPasswordSecret  **updating failed**      [diff: ~description]; 1 error
 +-  ├─ aws:secretsmanager:SecretVersion  akari/brain/dev          **replacing failed**     1 error
     └─ aws:rds:Instance                  devinstance              **failed**               1 error
Diagnostics:
  pulumi:pulumi:Stack (brain-dev):
    panic: interface conversion: interface {} is nil, not map[string]interface {}
    goroutine 111 [running]:
    <http://github.com/hashicorp/go-cty/cty.Value.GetAttr({{{0xfb93078|github.com/hashicorp/go-cty/cty.Value.GetAttr({{{0xfb93078>?, 0xc00cd3b8e8?}}, {0x0?, 0x0?}}, {0xe5dbd51, 0x8})
        /home/runner/go/pkg/mod/github.com/hashicorp/go-cty@v1.4.1-0.20200414143053-d3edf31b6320/cty/value_ops.go:711 +0x2de       
    <http://github.com/hashicorp/terraform-provider-aws/internal/provider.tagsResourceInterceptor.run({0xc002f25f20|github.com/hashicorp/terraform-provider-aws/internal/provider.tagsResourceInterceptor.run({0xc002f25f20>?, 0xe8cfd30?, 0xe8cfd28?}, {0xfb92c50, 0xc0085e37d0}, {0xfba3a18, 0xc006a6df00}, {0xe56fa80?, 0xc001088b60?}, 0x1, ...)
        /home/runner/work/pulumi-aws/pulumi-aws/upstream/internal/provider/intercept.go:250 +0x143a
    <http://github.com/hashicorp/terraform-provider-aws/internal/provider.New.(*wrappedResource).Update.interceptedHandler[...].func10(0xcaa0160|github.com/hashicorp/terraform-provider-aws/internal/provider.New.(*wrappedResource).Update.interceptedHandler[...].func10(0xcaa0160>?, {0xe56fa80?, 0xc001088b60?})
        /home/runner/work/pulumi-aws/pulumi-aws/upstream/internal/provider/intercept.go:100 +0x169
    <http://github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).update(0xfb92d30|github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).update(0xfb92d30>?, {0xfb92d30?, 0x1a8050e0?}, 0xd?, {0xe56fa80?, 0xc001088b60?})
        /home/runner/go/pkg/mod/github.com/pulumi/terraform-plugin-sdk/v2@v2.0.0-20230912190043-e6d96b3b8f7e/helper/schema/resource.go:812 +0x7a
    <http://github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0xc002f97ce0|github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0xc002f97ce0>, {0xfb92d30, 0x1a8050e0}, 0xc008938d00, 0xc006a6dd00, {0xe56fa80, 0xc001088b60})
        /home/runner/go/pkg/mod/github.com/pulumi/terraform-plugin-sdk/v2@v2.0.0-20230912190043-e6d96b3b8f7e/helper/schema/resource.go:924 +0x83a
    <http://github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfshim/sdk-v2.v2Provider.Apply({0xc000a6e240|github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfshim/sdk-v2.v2Provider.Apply({0xc000a6e240>?, {0xc00019c740?, 0x0?, 0xc00cd6f4c8?}}, {0xe698622, 0x19}, {0xfb93178?, 0xc002126678}, {0xfba34c8, 0xc006a6dd00})
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/v3@v3.60.2-0.20230927165309-e3fd9503f2d3/pkg/tfshim/sdk-v2/provider.go:100 +0x165
    <http://github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfbridge.(*Provider).Update(0xc000555b80|github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfbridge.(*Provider).Update(0xc000555b80>, {0xfb92c50?, 0xc00831c420?}, 0xc000de7b00)
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/v3@v3.60.2-0.20230927165309-e3fd9503f2d3/pkg/tfbridge/provider.go:975 +0x8ac
    <http://github.com/pulumi/pulumi-terraform-bridge/x/muxer.(*muxer).Update.func1({0xfbc2718|github.com/pulumi/pulumi-terraform-bridge/x/muxer.(*muxer).Update.func1({0xfbc2718>?, 0xc000555b80?})
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/x/muxer@v0.0.7-0.20230801203955-5d215c892096/muxer.go:356 +0x33
    <http://github.com/pulumi/pulumi-terraform-bridge/x/muxer.resourceMethod[...](0xc00cb04d70|github.com/pulumi/pulumi-terraform-bridge/x/muxer.resourceMethod[...](0xc00cb04d70>?, 0x40, 0xc00cd6f778?)
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/x/muxer@v0.0.7-0.20230801203955-5d215c892096/muxer.go:303 +0xb5
    <http://github.com/pulumi/pulumi-terraform-bridge/x/muxer.(*muxer).Update(0x0|github.com/pulumi/pulumi-terraform-bridge/x/muxer.(*muxer).Update(0x0>?, {0xfb92c50?, 0xc00831c420?}, 0x40?)
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/x/muxer@v0.0.7-0.20230801203955-5d215c892096/muxer.go:355 +0x65
    <http://github.com/pulumi/pulumi/sdk/v3/proto/go._ResourceProvider_Update_Handler.func1({0xfb92c50|github.com/pulumi/pulumi/sdk/v3/proto/go._ResourceProvider_Update_Handler.func1({0xfb92c50>, 0xc00831c420}, {0xe17eae0?, 0xc000de7b00})
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.81.0/proto/go/provider_grpc.pb.go:609 +0x75
    <http://github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc.OpenTracingServerInterceptor.func1({0xfb92c50|github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc.OpenTracingServerInterceptor.func1({0xfb92c50>, 0xc007dd5f20}, {0xe17eae0, 0xc000de7b00}, 0xc009e2c560, 0xc002126600)
        /home/runner/go/pkg/mod/github.com/grpc-ecosystem/grpc-opentracing@v0.0.0-20180507213350-8e809c8a8645/go/otgrpc/server.go:57 +0x3d0
    <http://github.com/pulumi/pulumi/sdk/v3/proto/go._ResourceProvider_Update_Handler({0xe3dc980|github.com/pulumi/pulumi/sdk/v3/proto/go._ResourceProvider_Update_Handler({0xe3dc980>?, 0xc00cb04d70}, {0xfb92c50, 0xc007dd5f20}, 0xc009e2bc70, 0xc00b24ea40)
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.81.0/proto/go/provider_grpc.pb.go:611 +0x135
    <http://google.golang.org/grpc.(*Server).processUnaryRPC(0xc000700000|google.golang.org/grpc.(*Server).processUnaryRPC(0xc000700000>, {0xfba59e0, 0xc0097061a0}, 0xc00cd44900, 0xc0086cf590, 0x1a792a70, 0x0)
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.57.0/server.go:1360 +0xe15
    <http://google.golang.org/grpc.(*Server).handleStream(0xc000700000|google.golang.org/grpc.(*Server).handleStream(0xc000700000>, {0xfba59e0, 0xc0097061a0}, 0xc00cd44900, 0x0)
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.57.0/server.go:1737 +0x9e7
    <http://google.golang.org/grpc.(*Server).serveStreams.func1.1()|google.golang.org/grpc.(*Server).serveStreams.func1.1()>
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.57.0/server.go:982 +0x8d
    created by <http://google.golang.org/grpc.(*Server).serveStreams.func1|google.golang.org/grpc.(*Server).serveStreams.func1> in goroutine 23
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.57.0/server.go:980 +0x165

  aws:secretsmanager:SecretVersion (akari/brain/dev):
    error: connection error: desc = "transport: Error while dialing: dial tcp 127.0.0.1:58132: connectex: No connection could be made because the target machine actively refused it."

  aws:secretsmanager:Secret (devMasterPasswordSecret):
    error: error reading from server: read tcp 127.0.0.1:58136->127.0.0.1:58132: wsarecv: An existing connection was forcibly closed by the remote host.

  aws:rds:Instance (devinstance):
    error: error reading from server: read tcp 127.0.0.1:58136->127.0.0.1:58132: wsarecv: An existing connection was forcibly closed by the remote host.

Outputs:
I am not certain if this is the right workflow for creating and storing passwords in Pulumi. I save the password in Secrets Manager so that my app can retrieve it from there to access the DB. (I create another non-master db role too. The workflow is the same above.) What is the right/recommended workflow in Pulumi Python to create and save passwords when creating infra for use in app code?
b

billowy-army-68599

10/18/2023, 11:52 AM
this looks like a bug to me, can you open an issue?
I do something very similar with AWS SSM and it works without issue:
Copy code
db_uri = pulumi.Output.all(
            username=self.database.username,
            password=self.database.password,
            endpoint=self.database.endpoint,
            db_name=self.database.db_name,
        ).apply(
            lambda args: f"postgresql://{args['username']}:{args['password']}@{args['endpoint']}/{args['db_name']}",
        )
        self.db_uri = aws.ssm.Parameter(
            f"{name}-db-uri",
            type="SecureString",
            value=db_uri,
            tags=args.tags,
            opts=pulumi.ResourceOptions(parent=self),
        )
c

creamy-hamburger-70712

10/18/2023, 12:25 PM
2 Views
Powered by